The only way to be in cyber is to be an expert – Dan Trueman, Global Head of Cyber, AXIS Insurance
This week’s guest on The Voice of Insurance podcast is Dan Trueman, Global Head of Cyber at AXIS Insurance. Dan was one of Mark Geoghegan’s first interviewees, and back in Episode 10, he predicted that the Cyber market was on the brink of significant change and that Cyber insurance would never be sold more cheaply than it was back then.
After 111 episodes, Dan is back, speaking about the state of Cyber insurance, what has changed in the last couple of years since he was on the podcast, and what keeps him awake at night.
In Aon’s 2021 Global Risk Management Survey, which gathered the responses of 2,344 risk decision-makers from 16 industry clusters in 60 countries/territories around the world, Cyber Attacks/Data Breaches was selected as the number one concern. Aon´s report states that this ranking could be attributed to the central role technology played as “an enabler both of business survival during the COVID-19 lockdowns of 2020 and of acceleration of economic activity during the reopening. However, this expanded dependency on technology has similarly expanded “attack surfaces,” presenting more potential security vulnerabilities to bad actors.”
It’s abundantly clear that cyberattacks are on the rise and shaking up the insurance industry. According to the 2022 Cyber Threat Report released earlier this year by SonicWall, 2021 saw an alarming 105% surge in ransomware cyberattacks, and Governments worldwide saw a 1,885% increase in ransomware attacks.
Cyber is undoubtedly one of the most dynamic risks out there. Discussing the state of the market, Dan says, “The way we frame this is we genuinely believe the market is going through what we feel like its seat belt moment. We´ve been able to find enough data to understand much better than we were before what good looks like. So what are the, frankly, fairly minimal things one should do as an organisation to improve your risk well enough that you´re not in a position where you can just your hygiene´s good enough, that actually you’re insurable.”
Cyberattacks constantly morph and become increasingly sophisticated, targeted, and difficult to spot in time. Mark asks Dan what changes he has seen in the method of attacks, “Tactics are changing slightly. So we’re seeing a lot more aggression once again in terms of the way that the criminal groups are attacking, and the way that they are looking to exploit and their willingness maybe to delete data quicker, and then their willingness to weaponise, are some of the issues.” Dan discusses how attackers are less willing to negotiate; adopting a ´pay, me now or I delete your data´ approach. Dan and Mark discuss how attackers have done their homework and know how much the data is worth. Dan notes that the perception of the lone attacker working from their parent´s home is long gone, as many attackers are part of sophisticated groups.
Are we at a point of maturity with the cyber market, is it in a better shape than it has been in a while, and is Dan happy with the state it’s in? Dan responds, “I think the answer is yes, but there is always a yes but, isn´t there. I think having seen the development of this market and having proudly felt been part of it, and really enjoyed that process, there has been a number of key moments, and I think the last two or three years, there has been a massive shift in the maturity of this market and the approach people take to it.”
Elaborating further on the market’s maturity, Dan says he’s optimistic about the market, “I keep coming back to that. I think that’s the key, crucial consideration in the maturity of this market is better modeling, more effective modeling, more accurate modeling, better understanding of the models to make sure we get to the next phase of that necessary growth.”
Enjoy the podcast.